Difference between global ACL , table.* ACL, table.field ACL

moncef · ‎05-23-2018

Hi,

I have a lot of ACL's on my table, i want to do some updates on my ACL, im i forced to do it on the whole ACL's, or there is a solution to do it just once to be sure that it works ?

I have on my table : table.* ACL, table.field ACL and table ACL.

Thanks.

Anurag Tripathi · ‎05-23-2018

All these are different levels of Controls that can be imposed on any table./field and to gain access one should pass all the ACLs, if anyone if blocked then you cant access the field.

-Anurag

vinothkumar · ‎05-23-2018

Hi,

Table.* is a field level ACL which gives Access to all field on that table.

Table.none is a row level ACL allows you to access records.

I usually use an "image" of an house with rooms to explain it.

Your record (table.none) is an house

table.* means all the rooms

table.comments is one precise room (living room) of the house

So I'm a painter and you asked me to paint your living room.

You give me write access to table.* but not to table.none, that means I'll be able to modify fields (enter into the living room) BUT I won't be able to save the information (enter into the house).

And as I'm very polite, I won't try to enter by breaking the windows, so please if you want me to paint your living room, give me an access to your house.

Btw, take care of giving table.* because you're letting me doing the access (reading / writing) of all the rooms of the house and sometimes we prefer to let some doors closed like the "office room" because we have private information there and I shouldn't (as a painter) have an access to these information.

In that specific case, I'll give my painter:

house.none write access
house.living_room write access
BUT not house.*

Hope this little explanation makes the things clearer, if not feel free to ask again